IT GRC Analyst

Company Details

Company URL: https://www.berkleytechnologyservices.com/                                        

Berkley Technology Services (BTS), a member company of W. R. Berkley Corporation, has facilities located in Des Moines, Iowa and Wilmington, Delaware and provides results-driven software applications, system connectivity, and world-class operational support across the enterprise. Offering an entrepreneurial and innovative culture, we enable team members to be on the cutting edge of technology while delivering high quality solutions. Additionally, we provide a competitive compensation and benefits package including a casual dress code and flexible work arrangements. BTS is constantly growing and expanding to meet the changing demands of one of the most successful insurance organizations in the world. Visit us at https://berkley-bts.com to learn more about BTS and the career opportunities we have available!

Berkley Technology Services: Right Team, Right Technology, Simple and Secure.  

Responsibilities

Berkley Technology Services (BTS) is hiring an IT GRC Analyst reporting to the Director, IT Regulatory and Compliance and will be located in either Urbandale, Iowa, Wilmington, Delaware, Austin, Texas, Manassas, Virginia or remote may be available for the right candidate. This is an exciting role for an IT GRC analyst to be part of a global Fortune 400 (W.R. Berkley) Governance Risk and Compliance program’s operational activities. This role may be filled at the Sr. Analyst level based on the candidate’s ability to be a thought-leader, qualified subject matter expert, and proven ability to help drive the program and requirements. Working in concert with other Compliance, Information Technology, Information Security, and Business Unit functions, the IT GRC Analyst will ensure our overall control environment and corresponding activities/controls are aligned to our policies, standards and/or relevant regulations. This role will focus on control assessments, from both a design and operating effectiveness perspective, against processes, applications/systems, infrastructure, etc. to ensure compliance. The IT GRC Analyst will document control assessments and other reviews by gathering evidence and documentation of workpapers. Additionally, this role will have input into risk assessments and issue documentation/tracking to support the full lifecycle of GRC operations. On our team, you’ll actively engage with technical and compliance/legal teams, business units to perform and advance IT GRC operations. To do this, you’ll be hands-on and help drive processes and procedures with other IT GRC professionals dedicated to the mission and vision of Berkley IT GRC operations.

• Provide input in the research and development of IT General Control (ITGC) Framework, development of standards and controls.
• Review control processes and procedures areas to help drive control improvement and automation with technology teams/processes to help enhance overall business operations. 
• Participate in reviews of internal IT and Security controls by performing control and risk assessments of processes, procedures, system configurations, etc. to document control effectiveness from both a design and operating effectiveness perspective.
• Participate in process and/or third-party vendor reviews as it relates to IT General Controls, Security Controls, System/Network Architectures, and/or Privacy Controls.
• Help document IT and Security controls testing results and/or findings, including the gathering and organizing of documentation or evidence collected.
• Participate in risk assessments through review of technology and security controls, and other due diligence activities.
• Assist with findings across all compliance related activities are documented and tracked for remediation, with direct involvement by either facilitation of discussions, or by being directly involved in the process.
• Assist on external audits to facilitate the process of gathering any requested information and/or documentation.
• Understand and help provide guidance with regulations such as Sarbanes-Oxley (SOX), NY CCR Part 500 Cyber Security Regulation, General Data Protection Regulation (GDPR), and/or California Consumer Privacy Act (CCPA).
• Provide “Person in Charge” (PIC) coverage when on rotation.

Qualifications

• Minimum of 2 years of hands-on experience within Governance, Risk, Compliance with an emphasis on control/process/vendor assessments and regulatory compliance.
• College Degree, CS, IT or related technical discipline
• Experience within the Insurance or Financial industries, along with relevant certifications as CISA, are preferred.
• Hands on experience with GRC tools such as Archer, AuditBoard, ProcessUnity, OneTrust and ServiceNow etc...
• Proven ability to guide or train others control frameworks and/or control assessments processes using COBIT, UCF, NIST, CIS 18 and ISO 27001
• College Degree, CS, IT or related technical discipline or a combination of education and experience
• Extremely detail oriented with excellent organizational and planning skills and equally proficient oral and written communication acumen

Behavioral Core Competencies

• Excellent written and verbal communication skills
• Ability to work collaboratively with cross-functional teams.
• Detail-oriented with strong analytical and problem-solving skills.
• Leadership and communication skills, with the ability to inspire and influence cross-functional teams and senior stakeholders.

 The Company is an equal employment opportunity employer.